<?php
/**
 * Verifies that a given username/password combination exists in the relational database system.
 *
 * <p>
 * The <code>UserLogin</code> object provides auxilary functionality to the logic laced within the
 * <code>signIn.php</code> web page by communicating directly with the relational database to
 * search for a record corresponding to the provided credentials.
 * </p>
 *
 * @author Darrius Serrant, Computer Science (Undergraduate)
 */
require_once ('connectvars.php');

class UserLogin {

    /**
     * A status code that reports the results of the most recent execution of the <code>checkCredentials</code> function
     * @var <integer>
     */

    private $errorCode;

    /**
     * A variable that counts the number of times that user has failed to provide a valid password.
     */
    private $failedAttempts ;


    /**
     * The database connectivity variable.
     */
    private $FAIL_ATTEMPT_LIMIT = 6 ;

    /**
     * Whether or not the current user is locked out of his account.
     * @var <type>
     */
    private $isLockedOut = false ;


    /**
     * Decides whether or not the given username and password combination exists in the database.
     *
     * <p>
     * The function evaluates the result of the following SQL query to the Agents database table:
     * <code>
     *    SELECT * FROM Agents WHERE userName = $user_name ;
     * </code>
     * </p>
     * <p>
     * If a record corresponding to the user name exists, then the function shall next verify that the
     * given password is the same as the password contained in the database.
     * </p>
     * <p>
     * This function returns a one of three numerical values to indicate the result of its operation:
     * <ol>
     *     <li> A value of (1) indicates that the function was successful at locating the username in the
     *          database and that the given password corresponds with the password stored in the database.
     *     </li>
     *     <li>
     *          A value of (2) indicates that the function was successful at locating the username in the database,
     *          but was unsuccessful at matching the parameterized password with the password stored in the database.
     *      </li>
     *     <li>
     *          A value of (3) indicates that the function was unsuccessful at locating the username in the database.
     *     </li>
     * </ol>
     *
     * @param user_name    a given user's username
     * @param password     a given user's password
     * @return a status code that represents the status of the credentials verification.
     */
    public function checkCredentials ( $user_name, $password ) {

        $dbc = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME);

        if(!empty ($user_name) && !empty ($password)){
            $query1 = "SELECT Username FROM agent WHERE Username = '$user_name' ";
            $query2 = "SELECT Username FROM agent WHERE Username = '$username' AND " .
                "password = SHA('$password')";
            $data = mysqli_query($dbc, $query1);

            if(mysqli_num_rows($data) == 1){
                $row = mysqli_fetch_array($data);

                if ( $row['DISABLED'] == TRUE ) {
                    $this->errorCode = 4 ;
                    $this->isLockedOut = TRUE ;
                }
                else if ( $row['Password'] != $password ) {
                    $this->errorCode = 2 ;
                    $this->failedAttempts++ ;

                    if ( $this->failedAttempts >=  $this->FAIL_ATTEMPT_LIMIT) {
                        lockAccount ($user_name );
                        $this->errorCode = 4 ;
                    }
                }
                else {
                        $this->errorCode = 1 ;
                }
             }
            else {
                $this->errorCode = 3;
            }
        }
        return $this->errorCode ;
    }

    /**
     * Decrypts the given password and returns its actual value to the calling function.
     *
     * @param an encryped password retrieved from the Agents database table
     * @return <String> the value of the encrypted password
     */
    public function getFailedAttempts (  ) {
        return $this->failedAttempts ;
    }

    /**
     * Disable the agent account corresponding to the given username.
     * <p>
     * The user will now be unable to access the application through his user account unless
     * the system administrator manually disables the lock placed on his account.
     * </p>
     */
    private function lockAccount ( $username ) {
        $dbc = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME);

        $query = "UPDATE agents SET DISABLED = TRUE WHERE Username = '$username'";
    }
}
?>